• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.731-742
• /
• 2017

For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.857-869
• /
• 2016

It is a well-known fact that password based authentication system has been threatened for crucial data leakage through monitoring key log. Recently, to prevent this type of attack using keystroke logging, virtual onscreen keyboards are widely used as one of the solutions. The virtual keyboards, however, also have some crucial vulnerabilities and the major weak point is that important information, such as password, can be exposed by tracking the trajectory of the mouse cursor. Thus, in this paper, we discuss the vulnerabilities of the onscreen keyboard, and present hypothetical attack scenario and a method to crack passwords. Finally to evaluate the performance of the proposed scheme, we demonstrate an example experiment which includes attacking and cracking by utilizing password dictionary and analyze the result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.993-999
• /
• 2015

OTP(One time password) is widely used as an authentication method for financial and other security-sensitive transactions. OTP provides strong security since each password is used only one time while normal password-based authentications use passwords as long term secrets. However, OTP-based authentications relatively lack usability since they require users to hold an OTP card or generator. To overcome such a problem, smartphones start replacing OTP cards and such a method is called smart OTP. However, smart OTP inherits security vulnerabilities that smartphones have. In this paper, we propose a smart OTP authentication based on an extremely light authentication protocol called HB+. HB+ protocol is developed for low-cost devices and has small communication and computation costs. We present our solution and discuss its security, efficiency and practicality. Our contribution is providing a method to securely use smart OTP without losing its efficiency and usability.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.229-232
• /
• 2010

Smart Phone is the increasing use. Smart Phone can be run on that New or videos you want to connect to the Internet for downloading and viewing applications. But the wireless Internet have been found that Due to the vulnerability of the Internet, Smart Phone security vulnerabilities. This paper analyzes the vulnerability. Smart Phone droid that occur when connecting to the Internet. For information on Smart Phone to use to analyze network packet analysis and packet capture tools. Analysis is based on information from the Internet when you use Smart Phone Hack will demonstrate the process. Messenger, ID, to confirm the password, the actual internet ID, password access to the personal information that can be seized. In this study, hacking and security of the Smart Phone will contribute to the research process that Internet information and communication powers to strengthen the security of Korea.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.11-16
• /
• 2003

This paper implements Multiple User Authentication System to which the system authenticating with password only has been upgraded. The 4-staged authentication including user ID, password, smart card and access control information, etc. is used at the suggested Multiple User Authentication System. The user authentication system that this paper suggests has been developed based on SecuROS/FreeBSD with the function of access control added to FreeBSD kernel. It provides both the function to limit accost range to the system to each user and the function to check that when inputting important information the demand is the one if the system ; thus, the reliability becomes increased. In the SecuROS/FreeBSD system, MAC and RBAC are being used. So, in the case of users accessing to the system, the Information about the policies of MAC and RBAC to which users would access is used in the authentication. At the time, the access to system if permitted only when the access control information that users demanded satisfies all the access control rules which have been defined In the system.

• Journal of Information Technology Services
• /
• v.16 no.3
• /
• pp.147-165
• /
• 2017

Recently, there have been numerous issues about password breaches and it is becoming important for the users to manage their passwords. In practice, the online service provider are asking the online users to change their passwords periodically. However, majority of the users are not changing their passwords regularly, and this can increase the risk of password breach. The purpose of this study is to investigate whether 'fear appeals' and 'message framing' enhance the behavior of changing passwords by the online users. Furthermore, we identify the mechanism on how the behavior of changing passwords is enabled using protection motivation theory. The results of an online experiment show that the online users who are exposed to 'fear appeals' perceived a more vulnerability and severity of password breaches, which in turn, increased the intention of changing their password. In addition, we found that perceived severity of password breaches affect fear positively. Moreover, we found that fear has significant impact on the willingness of changing passwords. Finally, Message framing plays a moderating role between fear and change intentions. That is, in a situation where 'fear appeal' is presented, it means that 'gain framing' is more effective than 'loss framing' These findings suggest that the online service providers may need to use 'fear appeals' to the online users. Security managers can address issues related to the password breaches by carefully designing 'fear appeals'.

• Journal of the Korea Society for Simulation
• /
• v.20 no.1
• /
• pp.39-49
• /
• 2011

Nowaday, Many equipments like TabletPC, Digital kiosk, ATM using touch-panel service instead of keyboard or button, to support intuitively input for user. Furthermore these days touch-panels recognize up to 5 contact points using recent technology. On this study, I Introduce password input/store methodology on multi-touch environment. On past, User must input password 1 character by 1 character, like [1, 2, 3, 4]. but, on multi-touch environment user can input more than one character at the same time, like [(1,3), 2, (3,4), (1,2,3)]. In result, users can use password more intensely. This study is utilized post security technology study on multi-touch environment.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.159-164
• /
• 2018

This paper deals with the comparative analysis the two surveys called term1, term2 by collecting 4-digit password data 1313 for 2006~2011 and 2519 for 2012~ 2017. Numbers lacking prudence were significantly reduced in the term2 survey and over time, the use of four digit PWs became increasingly prudent. There was a difference in the use of digit numbers between male and female. The top five types accounted over 60%, which imply that certain types of preferences are present. It was the outcome of this paper that we can indirectly deduce these facts. Studies such as reuse of four digit PWs in user's convenience will need to be supplemented in the near future.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.12
• /
• pp.1705-1713
• /
• 2018

It is currently undergoing the fourth industrial revolution, which is the convergence of ICT and manufacturing, connecting both industrial equipment and production processes to one network and communicating with each other. The fact that they are connected to one network has the advantage of management, but there is a risk of security. In particular, Wi-Fi can be easily accessed by outsiders through a software change of the MAC address or password exposures. In this paper, by applying the method of Beacon using a Bluetooth Low Energy Add in Bluetooth 4.0, we propose a system of black-box approach to secure connections to wireless Internet, users do not have to know the password. We also implemented the proposed system using the raspberry pi and verified the effectiveness of a real-time system by testing the communication.

• Journal of the Institute of Convergence Signal Processing
• /
• v.21 no.4
• /
• pp.202-208
• /
• 2020

Recently, the importance of non-face-to-face has been emphasized due to COVID-19, and the use of sharing spaces is also expanding. The use of uncontact check-in technology for access control of sharing spaces reduces waiting time and optimizes workers' efficiency, resulting in operational cost savings. In this paper, we propose a sharing space access management system based on a mobile key and RCU (Room Control Unit), access to the facility using a mobile key, and monitor the facility using an RCU. Proposal system is for shared accommodation, rental field (residence, sale-selling hotel), shared office, etc. when there is a one-time visitor on a specific day and time, the corresponding password is delivered to the mobile platform to expose and key the existing password. It is supported by a field-adaptive system that can reduce discomfort such as delivery. In order to test the operation of the proposed integrated system, tests were conducted according to scenarios to understand the overall status of the user's reservation, check-in, and check-out, and a 100% success rate was derived for each item by setting performance indicators to prove test reliability.